From 79f1a1e07ae758de73cd640faf488a0bf1c479b8 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer <parnell@awakenetworks.com>
Date: Fri, 1 Jul 2016 11:53:21 -0500
Subject: [PATCH] security: need to specify the ping binary paths for setcap
 wrappers.

---
 nixos/modules/tasks/network-interfaces.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 588a328192d..12605c24516 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -894,11 +894,13 @@ in
     security.setcapCapabilities = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
       [
         { program = "ping";
+          source  = "${pkgs.iputils.out}/bin/ping";
           setcap  = true;
           capabilities = "cap_net_raw+p";
         }
 
         { program = "ping6";
+          source  = "${pkgs.iputils.out}/bin/ping6";
           setcap  = true;
           capabilities = "cap_net_raw+p";
         }